# Controls the relative weight given to swapping out runtime memory
# For more details, http://en.wikipedia.org/wiki/Swappiness
Apply vm.swappiness:
  # Sets vm.swappiness to 0 through Salt's sysctl.present state.
  # NOTE(review): 0 is the most aggressive setting. On newer kernels it can
  # stop anonymous pages from being swapped at all, so memory pressure may end
  # in the OOM killer instead of swapping. Confirm this is intended for the
  # target kernel; 1 is a common alternative when some swap should stay usable.
  sysctl.present:
    - name: vm.swappiness
    - value: 0

# To reduce number of TIME_WAIT connections
Apply net.ipv4.tcp_fin_timeout:
  # Sets net.ipv4.tcp_fin_timeout to 15 seconds.
  # NOTE(review): this sysctl bounds how long an orphaned socket may stay in
  # FIN_WAIT_2. The TIME_WAIT interval itself is a kernel constant and is not
  # shortened by this value, so verify the expected effect on the socket
  # states actually observed on the host.
  sysctl.present:
    - name: net.ipv4.tcp_fin_timeout
    - value: 15

Apply net.ipv4.tcp_tw_reuse:
  # Enables net.ipv4.tcp_tw_reuse, which lets the kernel reuse a TIME_WAIT
  # socket for a new outgoing connection.
  # NOTE(review): it only affects connections this host initiates and relies
  # on TCP timestamps being enabled - confirm net.ipv4.tcp_timestamps is on.
  sysctl.present:
    - name: net.ipv4.tcp_tw_reuse
    - value: 1

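Apply net.ipv4.tcp_tw_recycle:
  # Keeps net.ipv4.tcp_tw_recycle explicitly disabled.
  # With the value 1 the kernel applies a per-remote-host timestamp check to
  # incoming connections. Clients that share one public address behind NAT or
  # a load balancer send timestamps that are not monotonic per address, so
  # their SYNs are silently dropped. This host accepts inbound traffic on
  # ports 80 and 8008, so that shows up as intermittent connection failures.
  # The sysctl was removed in Linux 4.12; drop this state on such kernels,
  # where the key does not exist.
  sysctl.present:
    - name: net.ipv4.tcp_tw_recycle
    - value: 0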

Apply net.ipv4.ip_local_port_range:
  # Widens the range of local ports used for outgoing connections to
  # 1024-61000.
  # NOTE(review): the range covers 8008, which this file also opens for a
  # listener. An outgoing connection could hold that port when the service
  # tries to bind. Consider raising the lower bound or reserving the port via
  # net.ipv4.ip_local_reserved_ports - confirm it is available on the kernel.
  # NOTE(review): the value is a plain scalar with several spaces between the
  # two numbers. How that is compared with the running value depends on the
  # Salt version; verify the state reports no changes on a second run.
  sysctl.present:
    - name: net.ipv4.ip_local_port_range
    - value: 1024     61000

# To keep the long running connection alive, such as long SQL query
#
# if the amount of time in seconds specified in net.ipv4.tcp_keepalive_time passes
# without any communication on a TCP/IP socket connection, then the Linux OS
# will begin sending keepalive packets.
Apply net.ipv4.tcp_keepalive_time:
  # Starts sending keepalive probes after 120 seconds of idle time on a
  # connection.
  # Only sockets that enable SO_KEEPALIVE are affected; applications that do
  # not set the option see no change from this value.
  sysctl.present:
    - name: net.ipv4.tcp_keepalive_time
    - value: 120

# Connection will be aborted after 3 minutes of retries (30 x 6)
Apply net.ipv4.tcp_keepalive_intvl:
  # Interval in seconds between successive keepalive probes once probing has
  # started. Combined with tcp_keepalive_probes (6 in this file), an
  # unresponsive peer is given 30 x 6 = 180 seconds before the connection is
  # dropped.
  sysctl.present:
    - name: net.ipv4.tcp_keepalive_intvl
    - value: 30

Apply net.ipv4.tcp_keepalive_probes:
  # Number of unanswered keepalive probes after which the connection is
  # considered dead. Works together with tcp_keepalive_intvl (30 seconds in
  # this file).
  sysctl.present:
    - name: net.ipv4.tcp_keepalive_probes
    - value: 6

# Increase File Descriptor limit. Important to avoid too many open files error
Apply fs.file-max:
  # Raises the system-wide ceiling on open file handles to 100000.
  # NOTE(review): this is the kernel-wide limit only. Per-process limits
  # (ulimit -n / limits.conf nofile) are configured separately and are often
  # the ones behind "too many open files" - confirm they are managed too.
  sysctl.present:
    - name: fs.file-max
    - value: 100000

# OS-level firewall rules. These should not be needed on an actual server,
# but it doesn't hurt to include them.
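Open port 80 on server iptables:
  # Opens TCP port 80 in the host firewall with lokkit, skipping the command
  # when a matching rule is already listed.
  # NOTE(review): lokkit -p adds the port without any source restriction;
  # filter upstream if the service must not be reachable from every network.
  cmd.run:
    - name: lokkit -p 80:tcp   ## This only works in Centos6+
    # -n prints numeric ports (and avoids reverse DNS lookups), and -w matches
    # whole words only. The former pattern "dpt:http" was also satisfied by
    # rules shown as dpt:https or dpt:http-alt, so an unrelated open port
    # could cause this state to be skipped while port 80 stayed closed.
    - unless: iptables -n --list | grep -qw "state NEW tcp dpt:80"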

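Open port 8008 on server iptables:
  # Opens TCP port 8008 in the host firewall with lokkit.
  # NOTE(review): lokkit -p adds the port without any source restriction;
  # filter upstream if the service must not be reachable from every network.
  cmd.run:
    - name: lokkit -p 8008:tcp   ## This only works in Centos6+
    # Guard added for parity with the port 80 state. Without it the command
    # ran, and was reported as a change, on every highstate. -n keeps the
    # port numeric so the check does not depend on /etc/services naming, and
    # -w matches whole words only.
    - unless: iptables -n --list | grep -qw "state NEW tcp dpt:8008"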

